Mura/Masa CMS SQLi (CVE-2024-32640) - Vulnerability Database

Mura/Masa CMS SQLi (CVE-2024-32640)

Description

Mura CMS (now known as Masa CMS) contains a critical SQL Injection vulnerability (CVE-2024-32640) that allows remote attackers to execute arbitrary SQL commands without authentication. This vulnerability exists in the application's database query handling and can be exploited by sending specially crafted requests to vulnerable endpoints, enabling attackers to bypass authentication mechanisms and directly interact with the underlying database.

Remediation

Immediately upgrade to a patched version of Mura CMS or Masa CMS that addresses CVE-2024-32640. Consult the vendor's security advisories for the specific version that contains the fix. As interim mitigation measures:

1. Review and restrict network access to the CMS administrative interfaces using firewall rules or IP allowlisting.
2. Enable Web Application Firewall (WAF) rules to detect and block SQL injection attempts.
3. Audit database user permissions to ensure the CMS operates with minimal required privileges.
4. Monitor application logs for suspicious SQL-related error messages or unusual database queries.

After patching, conduct a security assessment to verify no unauthorized access occurred and review all user accounts for signs of compromise.
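The log-monitoring step above is the one most teams skip because it is vague about what to look for. The script below is an added example, not code from Invicti or the Mura/Masa CMS project, showing one way to triage it: it URL-decodes each request in a web-server access log (twice, so double-encoded payloads are seen as the application would see them), flags generic SQL injection shapes, scans the application log for database error strings, and correlates the two so that injection probes answered with a 5xx stand out. All log lines, IP addresses and paths are constructed for the example; the advisory does not name the vulnerable endpoint and this code does not assume one.

```python
"""Constructed log triage for remediation step 4: flag SQL-injection-shaped
requests in web-server access logs and database error messages in the
application log. Added example; not Invicti's or Masa CMS's own code."""
import re
from urllib.parse import unquote_plus

# Combined Log Format prefix: client ip, identd, user, [timestamp], "request", status
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Generic injection shapes, matched against the fully decoded request target.
# Heuristics only: a WAF uses far richer rules, but these catch common probes.
SQLI_INDICATORS = [
    ("tautology",     re.compile(r"'\s*(or|and)\s+['\d]", re.I)),
    ("union_select",  re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("sql_comment",   re.compile(r"--\s|--$|/\*")),
    ("stacked_query", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I)),
    ("time_probe",    re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)),
]

# Database error strings that leak into logs when injected SQL breaks a query.
SQL_ERROR_INDICATORS = [
    ("mysql",    re.compile(r"You have an error in your SQL syntax", re.I)),
    ("mssql",    re.compile(r"Unclosed quotation mark", re.I)),
    ("postgres", re.compile(r"syntax error at or near", re.I)),
    ("oracle",   re.compile(r"\bORA-\d{5}\b")),
    ("jdbc",     re.compile(r"java\.sql\.SQLException")),
]


def decode_target(target: str) -> str:
    """URL-decode twice so double-encoded payloads (%2527 -> %27 -> ') are
    inspected in the form the application will eventually see."""
    return unquote_plus(unquote_plus(target))


def classify_access_line(line: str):
    """Return a finding dict for a suspicious request, else None."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    decoded = decode_target(m.group("target"))
    hits = [name for name, rx in SQLI_INDICATORS if rx.search(decoded)]
    if not hits:
        return None
    return {"ip": m.group("ip"), "status": int(m.group("status")),
            "target": decoded, "indicators": hits}


def classify_app_line(line: str):
    """Return the name of the first database-error signature present, else None."""
    for name, rx in SQL_ERROR_INDICATORS:
        if rx.search(line):
            return name
    return None


def triage(access_lines, app_lines):
    """Correlate flagged requests with SQL errors the application logged.
    Returns a report dict; nothing is printed here."""
    requests = [f for f in map(classify_access_line, access_lines) if f]
    errors = []
    for line in app_lines:
        name = classify_app_line(line)
        if name:
            errors.append((line, name))
    return {
        "suspicious_requests": requests,
        "sql_errors": errors,
        "source_ips": sorted({f["ip"] for f in requests}),
        # Probes answered with a 5xx most likely reached the database and broke a query.
        "errored_probes": [f for f in requests if f["status"] >= 500],
    }


# Constructed sample lines (no real hosts, paths or payloads from the advisory).
ACCESS_LOG = [
    '203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /page?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/May/2024:12:00:02 +0000] "GET /page?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 7310',
    '203.0.113.9 - - [10/May/2024:12:00:03 +0000] "GET /page?id=1%2520UNION%2520SELECT%25201%252C2 HTTP/1.1" 500 412',
    '198.51.100.7 - - [10/May/2024:12:00:04 +0000] "POST /login HTTP/1.1" 302 0',
]
APP_LOG = [
    '2024-05-10 12:00:03 ERROR [app] java.sql.SQLException: You have an error in your SQL syntax; check the manual',
    '2024-05-10 12:00:05 INFO  [app] cache warmed in 120 ms',
]

if __name__ == "__main__":
    report = triage(ACCESS_LOG, APP_LOG)
    for f in report["suspicious_requests"]:
        print(f'{f["ip"]} {f["status"]} {f["indicators"]} {f["target"]}')
    for line, name in report["sql_errors"]:
        print(f"[{name}] {line}")
```

Run against real logs by feeding the two file iterators to `triage`; a non-empty `errored_probes` list is the strongest signal that a probe reached the database, and its `source_ips` are the candidates to block at the firewall or WAF while the upgrade is scheduled. The decoding step matters: the third sample line is double-encoded and only matches once both layers are stripped.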
